snakekeylogger | fc53ccd71a8b45f03e842e375777e017b73371d2ae6828af9fd8328f6b91c3ee | Triage

Submit
Reports

Overview

overview

Static

static

5

lista de c...am.exe

windows7-x64

lista de c...am.exe

windows10-2004-x64

Sharing

General

Target

lista de cotizaciones.xlam.exe
Size

984KB
Sample

240702-gqwlsatakm
MD5

3397f79c3a08077e9295c17c9b3b938c
SHA1

7c1cfd2b56e5f4780b561942fe1e9f62200be5cb
SHA256

fc53ccd71a8b45f03e842e375777e017b73371d2ae6828af9fd8328f6b91c3ee
SHA512

a651cd572e27869b1c2901aea00244a08fe7b2607422d7b97892e9ef9e86a1fcce29ad9b86904fa6bd8c30bf2e9fe97f4df002a89acebbf9085218a41e1e1a81
SSDEEP

24576:fAHnh+eWsN3skA4RV1Hom2KXMmHanbuQ5:Ch+ZkldoPK8YanZ

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

lista de cotizaciones.xlam.exe

Resource

win7-20240611-en

snakekeylogger collection keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

lista de cotizaciones.xlam.exe

Resource

win10v2004-20240226-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5581840526:AAE1o2MXOklfCJKspnGyHbkaYvwtJlJ8h3M/sendMessage?chat_id=5063375086

Targets

- Target
  
  lista de cotizaciones.xlam.exe
- Size
  
  984KB
- MD5
  
  3397f79c3a08077e9295c17c9b3b938c
- SHA1
  
  7c1cfd2b56e5f4780b561942fe1e9f62200be5cb
- SHA256
  
  fc53ccd71a8b45f03e842e375777e017b73371d2ae6828af9fd8328f6b91c3ee
- SHA512
  
  a651cd572e27869b1c2901aea00244a08fe7b2607422d7b97892e9ef9e86a1fcce29ad9b86904fa6bd8c30bf2e9fe97f4df002a89acebbf9085218a41e1e1a81
- SSDEEP
  
  24576:fAHnh+eWsN3skA4RV1Hom2KXMmHanbuQ5:Ch+ZkldoPK8YanZ
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy